Tunnel Mode

• The destination firewall examines and processes the outer IP header plus any outer IP extension headers

  • On the basis of the SPI in the ESP header, the gateway decrypts the remainder of the packet to recover the plaintext inner IP packet

• This inner packet (tunnel contents) is then transmitted on the internal network

Previous slide

Next slide

Back to first slide

View graphic version